Does anyone know if it is illegal to send e-mail bombs? The reason I'm asking is someone doesn't seem to care for some remarks I made on another board, so they decided to send me a little surprise. I caught it with a virus scan(I scan all my mail), so no harm, but I really would like to get them where it hurts. The address that came with it appears to be real. Any suggestions? By the way, the file was a happy99.exe that contained the w32/Ska.exe viruse, anyone know anything about it? Thanks Casey

It's realy one of the least harmfull virus's
if you get it it is preaty easy to get rid of

just replace all the files it changes and delete the registry entry http://www.sysopt.com/forum/smile.gif

this is from Mcafee's
Characteristics
W32/Ska is a worm that was first posted to several newsgroups and has been reported to several of the AVERT Labs locations worldwide. When this worm is run it displays a message "Happy New Year 1999!!" and displays "fireworks" graphics. The posting on the newsgroups has lead to its propagation. It can also spread on its own, as it can attach itself to a mail message and be sent unknowingly by a user. Because of this attribute it is also considered to be a worm.

AVERT cautions all users who may receive the attachment via email to simply delete the mail and the attachment. The worm infects a system via email delivery and arrives as an attachment called Happy99.EXE. It is sent unknowingly by a user. When the program is run it deploys its payload displaying fireworks on the users monitor.

Note: At this time no destructive payload has been discovered.

When the Happy.EXE is run it copies itself to Windows\System folder under the name SKA.EXE. It then extracts, from within itself, a DLL called SKA.DLL into the Windows\System folder if one does not already exist.

Note: Though the SKA.EXE file file is a copy of the original it does not run as the Happy.EXE files does, so it does not copy itself again, nor does it display the fireworks on the users monitor.

The worm then checks for the existence of WSOCK32.SKA in the Windows\System folder, if it does not exist and a the file WSOCK32.DLL does exist, it copies the WSOCK32.DLL to WSOCK32.SKA.

The worm then creates the registry entry -

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce\Ska.exe="Ska.exe"

- which will execute SKA.EXE the next time the system is restarted. When this happens the worm patches WSOCK32.DLL and adds hooks to the exported functions EnumProtocolsW and WSAAsyncGetProtocolByName.


The patched code calls two exported functions in SKA.DLL called mail and news, these functions allow the worm to attach itself to SMTP e-mail and also to any postings to newsgroups the user makes.

Even though it is harmless or close to it, it shouldn't be legal. Do you knpw the guy that sent it? If so, find out what city he is in and contact the authorities. Computer hacking and the like is not looked to kindly upon. You may need to make a big issue about it with them and make several follow-up calls to get anything done though.
dave

one thing to think about was did he do it on perpose ? as that one can send it's self with out the sender knowing they sent it I got it from my sister she sent me a e-mail from her work computer and never knew till I told her that she had sent it and that her computer had a virus. all he has to do was say I did not know http://www.sysopt.com/forum/frown.gif what are they going to do ? I would send Him a e-mail and tell him your scanner cought and stoped that virus in the e-mail he sent you and see what he say's in reply. and then take it from there.

I'm going to say it was intentional. Simple becuase that's all the e-mail contained. Well, the happy99.exe attachment and the guys name and that was it. I'm going to do a little more research and see what happens. Thanks for the info on the virus though. C>C.

If I was you, I'd get in touch with the admin of the board pronto!! That guy could go downhard if he's caught. You could always do what I'd do; latch a copy of NetBus or BO onto a file he's downloading and hack the sucker! If admin asks, I didn't say that http://www.sysopt.com/forum/wink.gif